Free and Safe in Cyberspace – EU Edition 2016

On September 22-23rd, in Brussels, Belgium
At Mundo B, Rue d’Edimbourg 26

The event aims to catalyse a constructive dialogue and a wide informed consensus on new international standards and certification governance bodies for ultra-high assurance end-2-end IT systems – for communications, constitutional lawful access and autonoums systems – to deliver access to unprecedented and constitutionally– meaningful* e-privacy and e-security to all, while increasing public safety and cyber-investigation capabilities.

Featured Speakers

Bart Preneel.Leading EU cryptographer and IT security and privacy expert. Director of KU Leuven COSIC group, organizers of the leading EU crypto conference Eurocrypt. Former President (2008-2014) of the International Association for Cryptologic Research. Consultant to NIST on governance reform. Project manager of the Network of Excellence ECRYPT II ECRYPT-NET (2015-2019) and ECRYPT CSA (2015-2017).

Jan Philipp Albrecht. Member of the European Parliament and Vice-Chair of its Committee on Civil Liberties, Justice and Home Affairs (LIBE Committee). A Franco-German politician from the Alliance ’90/The Greens, he is specialized in the field of civil rights, data protection and democracy.

Renaud Sirdey. Research Director at Commissariat à l’Energie Atomique (CEA). The CEA is the French Atomic Energy Commission, established in October 1945. With over 2000 researcher, 15.800 staff and 4.8m€ budget, it is the World technological leader in atomic energy innovation and safety.

Koen Maris. Chief Technology Officer at ATOS. A Security Expert with a unique combination of conceptual and technical competences. Previously Chief Security Officer at Telecom Luxembourg. ATOS is one of the top 5 EU IT security companies with 9bn€ revenue in 2015. He has 18 years of experience in the IT domain and for customers in various business sectors.

Cathrin Bauer-Bulst*. Leader of Unit D2 – Fight against organised Cybercrime of the European Commission Directorate General Migration and Home Affairs. The unit works closely with the EUROPOL to implement the EU Cybersecurity Strategy.

Marit Hansen. Data Protection Supervisor of the State of Schleswig-Holstein of the Federal Republic of Germany. The Privacy Commissioner of Schleswig-Holstein, Marit Hansen, is head of ULD. ULD is responsible for both freedom of information as well as data protection at private and public sector entities seated in Schleswig-Holstein.

Jaap Hoepman. Associate professor at the Institute for Computing and Information Sciences of the Radboud University Nijmegen. Director of the Privacy & Identity Lab. Member of the Digital Security group. Author of “The Second Crypto War Is Not about Crypto” and “Revocable Privacy: Principles, Use Cases, and Technologies“

Max Schrems. (video message) Austrian privacy activist. He initiated a lawsuit questioning the complaince of the Safe Harbor agreement between EU and US, which lead to its invalidation by the Court of Justice of the European Union. He leads proposals for sector-specific alternatives he proposed Privacy Shield recently agreed by EU and US.

Stefano Quintarelli. President of Steering Committee of Italian Digital Agenda. Member of the Italian Parliament and President of the Italian Innovation Parliamentary Group. Formerly Director of the Digital Department of the Sole 24 Ore, the main Italian economics newspaper. Co-founder of the IT security associations CLUSIT e APSI. First signer a 2014 legislative proposal on “techniological sovranity e docuemented hardware” (url). Former angel investor in IT sector.

Jovan Golic.Privacy, Security and Trust Action Line Leader of EIT Digital. Internationally recognised cryptographer and IT assurance expert. EIT Digital manages through 6 Action Lines about 700M€ yearly of EU funds for close-to-market IT innovation, research and education co-funding.

Rufo Guerreschi. Exec. Dir. of the non-profit Open Media Cluster, which promote the Trustless Computing Initiative and the Trustless Computing Certification Campaign. Life-long activist for international democratization within and through IT.

Paolo Acunzo. Deputy Secretary of the European Federalist Movement of Italy.Long-time proponents of stronger EU and international democratic governance institutions in all domains. Vice-President of Lazio Region of the Italian Democratic Party, and Member of its National Secretariat of the Italian Democratic Party.

Stuart Armstrong*. Senior Fellow at the Future of Humanity Institute. He is the leading senior researcher at FHI, under the guidance of Director Nick Bostrom, who is arguably the most influential thinker on longer-term prospects of Artificial Intelligence.

Roberto Baldoni.Director of the Center for Cyber Intelligence and Information Security, University La Sapienza. Author of the White Book on Cybersecurity (pdf), with the support of the Security Intelligence Department (“Dipartimento Informazioni per la Sicurezza”) of the Italian Prime Minister’s Office.

[*to be confirmed]

Moderators

David Meyer (moderator) Berlin-based senior technology writer at Fortune. Specialising in connected rights, privacy, policy, communications. Previously at Gigaom and POLITICO Europe. Has written for ZDNet, BBC, the Guardian.

Jennifer Baker. (moderator) Brussels-based Europe Correspondent at Arstecnica.com, leading IT security portal. Jennifer Baker has been a journalist in print, radio and television for nearly 20 years, the last seven specialising in EU policy and legislation in the tech sector.

Past Editions

– On Sept 24-25th 2015, the 1st EU Edition 2015 was held in Brussels, with the support of great sponsors. It attracted amazing speakers, including the best IT security experts of Europe and US – including Bruce Schneier, Bart Preneel, Richard Stallman – and the most relevant EU defense, IT security and R&D institutions – such as the Head of Information Superiority of the European Defence Agency, the Deputy European Data Protection Supervisor, Deputy Head of Security & Trust of EU DG Connect, Exec. Dir. of ECSEL-JU, Senior Executive of the Future of Humanity Institute – as you can see from the report and the program with videos.
– On Oct 16th 2015, a smaller 1/2-day Latin American Edition was then held in Iguazu, Brazil, with distinguished guests.
– On July 21st 2016, a 1st US Edition 2016 was held in New York with amazing confrimed speakers, including Joe Cannataci, the UN Special Rapporteur on the Right of Privacy, and Max Schrems, the Austrian privacy activist behind the overhaul of Safe Harbor Agreement.

Intro

Recent evidence suggests that nearly all IT devices and services are remotely, undetectably and scalably hackable by several actors, through state-sanctioned or state-mandated backdoors.

As a consequence, EU and US IT companies are struggling to seek ways to offer the levels of trustworthiness that both customers and constitutions require, by differentiating themselves sustainably on the basis of provable and meanigfully-higher levels of trustworthiness.

We are told daily by nearly all privacy experts and government officials that we must to choose between meaningful personal privacy and enabling lawfully authorized cyber-investigations. But both are essential to democracy and freedom. What if it was not a choice of “either or”, a zero-sum game, but instead primarily a “both or neither” challenge, yet to be proven unfeasible?

Are key assets and capabilities of nations’ law enforcement, defense and intelligence themselves highly vulnerable to attackers – foreign, domestic and internal – due to the lack of sufficiently comprehensive, translucent and accountable socio-technical standards, such as in IT facility access, device fabrication or assembly? How vulnerable are AI-driven autonomous IT systems, moveable and not, to attacks via their critical socio-technical low-level subsystems?

Can the paradigm “Trust but verify” still be a sufficient when the bribery, threatening or identity theft of a single person (rarely 2), in key role in the lifecyle of a single critical component or process, can enable concurrent compromisation of every instance of a given critical IT system, including communication, state surveillance, or autonoumous moveable devices? Should the paradigm rather be “Trust or verify”, by deepening and extending oversight all the way to CPU designs and fabrication oversight? But how can that be made economical for wide spread adoption and compatible with feature and performance needs?

DEFINITIONS: “Constitutionally-meaningful ICT“: We define a given complete ICT service as having a “constitutionally-meaningful level of trustworthiness” when it is confidently resistant to persistent attempts worth tens of millions of euros to compromise its life-cycle and tens of thousands to compromise a single user, by actors with high plausible deniability and very low practical liability.